Updated on: March 25, 2020
Collection and Use of Personal Information
To provide you with our services, we require information from you such as your name, address, phone number, email address, and other personal information (e.g., occupation). You are not required to provide personal information that we request, but, if you choose not to provide it, in many cases we will not be able to provide you with our services or respond to any queries you may have. fTLD collects personal information when you use our services, participate in our webinars and marketing opportunities, and when you visit any of our websites (ftld.com, register.bank and register.insurance).
Here are some examples of the types of personal information fTLD may collect:
Information You Provide Directly. You may provide information voluntarily and directly to us in several ways. For example, we may collect information including your name, address, phone number, and email address when you correspond with fTLD or complete an online form.
Other Information We May Collect. We may collect, either directly or indirectly, certain information about you and the device you use to access our websites. This may include: the type of web browser and operating system you are using; your IP address (which is a number automatically assigned to your computer when you access the internet and can be used to derive your general geographic location); the referral URL directing you to one of our websites; and other navigation data, such as webpages visited, and advertisements viewed or clicked on.
If enabled, information about the content you view and the features you access on fTLD’s websites that we collect using cookies and other technologies (e.g., pixel tags and web beacons), which may include saving cookies to users’ computers. For further information, please read our Cookie Statement.
Domain Analysis and Monitoring. We monitor .BANK and .INSURANCE domains on a regular basis to evaluate compliance with our Security Requirements available at www.fTLD.com/security. As a part of this, we collect information about .BANK and .INSURANCE domains including tags, links, authoritative name servers, implementation and use of DNSSEC and TLS/encryption (including obtaining digital identity certificate information), URL redirection, email authentication information, and use of third-party providers and information about their domains providing services to a .BANK or .INSURANCE domain.
.BANK and .INSURANCE Domain Verification. Verifications are performed by fTLD (or its designated agent) before .BANK and .INSURANCE domains are awarded and annually thereafter. Verification will also be required by fTLD when any material changes to registration data (i.e., Registrant Organization, Registrant Name, and Registrant Email) are made to ensure ongoing compliance with the respective Registrant Eligibility and Name Selection Policies (see: https://www.ftld.com/policies/). In limited circumstances, we may ask for a government issued ID to confirm your organization or the Registrant is not a restricted person or entity.
We may process the personal information we collect to:
- provide you with information, services, or communications you request;
- allow you to participate in our application and verification processes;
- improve our websites and enhance your experience with them;
- respond to your requests, questions, and comments;
improve our services and communication.
We may also collect and use non-personal information (which does not allow direct association to an individual) for any purpose. This type of non-personal information may be used to enhance our websites, communication and services.
Sharing of Information
We may share your information with the following entities:
Affiliates. We may share your information with our affiliates—companies that control, are controlled by, or are under common control with fTLD.
Social Media Advertising Networks. We may share information about you with social media networks to allow for the delivery of customized advertising about products or services that you may be interested in. We provide this information to the social media network, so they can deliver ads to the appropriate social media user. The delivery of customized social media ads, and your ability to opt-out of receiving those ads, is governed by the privacy policies of the social media companies who deliver customized ads to you.
Other Parties When Required by Law, by Internet Corporation for Assigned Names and Numbers (“ICANN”), or as Necessary to Protect Our Services. There may be instances when we disclose your information to other parties to:
- protect the legal rights of the users of fTLD’s websites, fTLD and its affiliates;
- protect the safety and security of users of fTLD’s websites;
- prevent fraud (or for risk management purposes); or
- comply with or respond to the law or legal process or a request for cooperation by a government entity or by ICANN, whether or not legally required.
Other Parties in Aggregated Form. We may also share your information with third-parties in an aggregate or non-personally identifiable form.
Other purposes. To carry out other legitimate business purposes, as well as other lawful purposes about which we will notify you.
Other Parties in Connection With a Transfer of Assets. If we make a sale or transfer of assets, or are otherwise involved in a merger or transfer, or in the unlikely event of bankruptcy, we may transfer your information to one or more third-parties as part of that transaction, reorganization, or liquidation.
We are required under our agreements with ICANN to offer a WHOIS service with respect to the top-level domains (.BANK and .INSURANCE) for which we are the registry operator. The WHOIS service provides free public query-based access to domain name registration data submitted to our back-end registry services provider by registrars. fTLD is required to offer a “thick” (i.e., more extensive) WHOIS 1 service that includes certain personal information associated with the registrants of domain names, including, but not limited to, the name, address, phone number, fax number, and email address of the domain name registrant and the administrative and technical contacts for the domain name (collectively, the “WHOIS Data”). The WHOIS service is available to any user of the internet and, therefore, the WHOIS Data submitted to fTLD’s back-end registry services provider by registrars may be disclosed to third-parties unassociated with fTLD or any of its affiliates. You may use a role name (e.g., Domain Administrator) and/or role email address (e.g., fTLD@fTLD.com) in the WHOIS to protect your personal information.
California Residents’ Privacy Rights
California Civil Code Section 1798.83 permits visitors to fTLD’s websites who are California residents to request certain information from fTLD regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please contact us using the contact details provided at the end in the Contact Information section and put “Shine the Light” in the subject line of your request.
From January 1, 2020, California consumers have the following rights. To the extent that these rights apply to you, the following rights are provided:
- Right to know
You have the right to know and request information about the categories and specific pieces of personal information we have collected about you, as well as the categories of sources from which such personal information is collected, the purpose for collecting such personal information, and the categories of third parties with whom we share such personal information. You also have the right to know if we have sold or disclosed your personal information. You may also request a copy of the personal information we have collected and, upon request, we will provide this information to you in electronic form.
- Right to delete
You have the right to request the deletion of your personal information, subject to certain exceptions and our record retention policy.
- Right to opt-out of sale
You have the right to opt-out of the sale of your personal information to third parties. However, we do not sell your data at this time.
- Right to non-discrimination
You have the right to not be discriminated against for exercising any of these rights.
If you would like to exercise one or more of the rights above, please contact us by using the contact details provided at the end in the Contact Information section. You may designate an authorized agent to make a request on your behalf. Such authorized agent must be registered to conduct business in California with the California Secretary of State. We will deny a request from an agent that does not submit proof that they have been authorized by you to act on your behalf.
We may need to confirm your verifiable consumer request before completing your request, and, for example, may ask for you to confirm data points we already have about you. We will only use personal information provided in a consumer request to verify the requestor’s identity or authority to make the request.
Protection of Personal Information
We use reasonable physical, technical, and administrative measures to safeguard personal information in our possession against loss, theft, unauthorized use, disclosure, or modification. Please note, however, that no data transmission or storage can be guaranteed to be 100% secure. As a result, while we strive to protect the information we maintain, we cannot ensure or warrant the security of any information that you transmit to us.
Our websites are not intended for use by children under age 13. We do not market to children or knowingly collect or store personal information about children under the age of 13. If we learn that we have collected personal information from a child under age 13, we will delete that information from our customer database.
International Transfer of Data
For individuals located in the European Union (EU) or participating in activities outside of the US that you have consented to, your personal information may be transferred to countries outside the EU, in particular to the United States. Some non-EU countries are recognized by the European Commission as providing an adequate level of data protection according to EU standards. The full list of these countries is available at http://ec.europa.eu/justice/data-protection/international-transfers/adequacy/index_en.htm. For transfers from the EU to countries not considered adequate by the European Commission, we have put in place appropriate and suitable safeguards to protect your personal data and that the transfer of your personal data is in compliance with the requirements and the obligations provided by applicable data protection laws, such as standard contractual clauses adopted by the European Commission as per Articles 45 and 46 of the EU General Data Protection Regulation 2016/679.
Accessing or Changing Your Personal Information and Your Rights
Please note that we may need to retain some personal information or other information about you to satisfy our legal and security obligations. For example, some of your information may remain in back-up storage even if you ask us to delete it. In some cases, you may be entitled under local laws to access or object to the processing of information that we hold relating to you.
Where applicable, you have the right to:
- Obtain confirmation as to whether or not your personal information is collected and processed by us and to be informed of its content and source, verify its accuracy and request its integration, update or amendment;
- Request the deletion, anonymization or restriction of the processing of your personal information processed in breach of the applicable law;
- Object to the processing, in all cases, or your personal information;
- Receive an electronic copy of your personal information, if you would like to port it to yourself or another recipient; and
- Lodge a complaint with a data protection supervisory authority.
Remember that even after you cancel your account, or if you ask us to delete your personal information, copies of some information from your account may remain viewable in some circumstances where, for example, you have shared information with other services. We may also retain backup information related to your account on our servers for some time after cancellation or your request for deletion to comply with applicable law.
Do-Not-Track Signals and Similar Mechanisms
Some web browsers may transmit “do-not-track” signals to the websites with which a user communicates. Because of differences in how web browsers incorporate and activate this feature, it is not always clear whether users intend for these signals to be transmitted, or whether they are aware of them. As there is currently no industry standard concerning what, if anything, websites should do when they receive such signals, fTLD’s websites currently do not respond to them. If a final standard is established and accepted, we will reassess how to respond to these signals.
Choice of Law
Write: fTLD Registry Services, LLC, Attn: Legal Counsel, 600 13th Street NW, Suite 400, Washington, DC 20005; or
You have the right to ask us not to process your personal information for marketing purposes. We will usually inform you (before collecting your data) if we intend to use your data for such purposes or if we intend to disclose your information to any third-party for such purposes. You can exercise your right to prevent such processing by checking certain boxes on the forms we use to collect your data. You can also exercise the right at any time by contacting us using the contact details provided above.
If you would like to access, review, update, rectify, or delete personal information we hold about you, or exercise any other data subject rights (e.g., under the EU General Data Protection Regulation (GDPR)), please send a detailed request to us using the contact details provided above.
1 For information on “thick” WHOIS see the following ICANN page: https://www.icann.org/resources/pages/thick-whois-2016-06-27-en.